Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

A few weeks ago at the Aspen Security Forum, Gen. Keith Alexander, National Security Agency director, said the number of attacks against America's critical infrastructure increased seventeenfold between 2009 and 2011. Now as much as ever, some argue, a gap exists between the protection capabilities of today's enterprises and the penetration capabilities of modern attackers.

Bridging that gap has traditionally relied on technologies that could be viewed as reactivesuch as antivirus signatures, firewalls and intrusion-prevention systems. But some say today's threat landscape may require a different approachone that mixes defense with a little more offense.

"It is totally fair to say that traditional approaches are too reactionary," said Eric Ogren, principal with analyst firm The Ogren Group. "AV [antivirus] and [firewalls] are just not clever enough to ferret out new attacks. I believe IT has to become more nimble and agile in managing the infrastructure to prevent attacks from lingering."

In some ways, securing networks and devices has always been a game of catch-up; or perhaps more precisely, whack-a-mole, where new security crises erupt and are resolved with security technology just in time for another one to emerge.

Further reading

"Each generation of threat advances has resulted in protection advancesmore inspection of inbound email to detect phishing, Web security gateways looking at inbound Web code, next-generation firewalls looking at applications, etc.," said Gartner analyst John Pescatore. "Then the threats make another advance ¦ This will be life until technology stops advancing. There will always be crime and criminal advances and the good guys get to move second."

But with the amount of malware continuing to grow, some security companies are advocating a more proactive defensive strategy. One example of this is CrowdStrike, which is centered on helping companies build security defenses based on better intelligence of hacking crews and what they are after. CrowdStrike CEO and co-founder George Kurtz, an alumnus of security company McAfee, explained that knowing the tactics, tools and goals of hacking groups allows organizations to make informed decisions based on risk.

"If you were in battle," he said, "and you were sitting in the middle of the field, would you be waiting to get bombed or would you want to know that there's an adversary that's over the hill; they are coming from the south; they've got certain capabilities in terms of armament; and if we position ourselves in a certain way, we are going to be better able to protect against their attack, Kurtz said.

What we're talking about is providing this linkage of who, what and why so that you can make risk-based decisions which really have a much greater impact on the business," said Kurtz. With this information in hand, companies can look for ways to make attacks more expensive for hackers by improving defenses with an eye toward the attackers' tactics and goals, he said.

But there are some who take a more aggressive approach. In a survey of 181 attendees at the recent Black Hat USA conference in Las Vegas, security company nCircle found that 36 percent admitted they had engaged in retaliatory hacking in the past.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.